dns dynamically updated

6465 Views 19 Replies Latest reply: Jan 9, 2013 11:00 AM by David Kelly1

lluca40 Level 1 (0 points)
Nov 21, 2011 3:30 AM

Hi all. I'm new to OS X Server. I need my DNS on Lion Server updated automatically when a workstation is switched on in my network. Is there a way to do it?

Thanks, regards - Luca

lion server, Mac OS X (10.7.1)
  • John Lockwood Level 5 (5,075 points)
    Nov 21, 2011 5:50 AM (in response to lluca40)

    The underlying DNS server of Mac OS X Server is called BIND and does support this; however, Apple's admin tools do not provide a means of configuring it. So the answer for most people is no, it cannot be done. However, have a look at this article and see if it helps you.

     

    http://labs.hoffmanlabs.com/node/1745

  • John Lockwood Level 5 (5,075 points)
    Nov 22, 2011 2:07 AM (in response to lluca40)

    I believe the author of that article is the same Hoffman as the MrHoffman who frequents these forums. Hopefully he will step in and answer your query further. If you don't get a reply from him in a day or two you could try posting a message with his user name in the subject.

  • Damon Allen Davison Level 1 (10 points)
    Nov 22, 2011 5:16 AM (in response to lluca40)

    Luca, what do you imagine "updating" DNS will do when a workstation is switched on?

     

    DNS is a way of assigning names to IP addresses and does not need to be updated when computers appear on the network.

     

    Perhaps you are thinking of DHCP, which assigns configuration such as an IP address to the workstations when they are turned on. You can configure DHCP to assign the IP address that corresponds to a DNS entry by telling the DHCP server what MAC address a workstation's network adapter has assigned to it.

     

    If you configure both DHCP and DNS correctly, you can address your computers by their names. That said, Mac OS X does a pretty good job of advertising the host name (computer name) via Bonjour, so it may not be necessary for you to set this up if all your computers work via Bonjour: you just browse the network in Finder and you can see all the names.

     

    The DHCP/DNS configuration I'm describing is most useful when you need to run services that need to be accessible from outside your network, but even then simply setting a static IP for your workstation should be sufficient. It's also the standard way of doing things when working with Unix hosts.

  • John Lockwood Level 5 (5,075 points)
    Nov 22, 2011 5:27 AM (in response to Damon Allen Davison)

    There are two different forms of Dynamic DNS. The one Luca is referring to is when you have devices on a network which get their IP address via DHCP and this is a dynamic and changing address but you still want to use a DNS hostname with that specific machine. Normally DNS hostnames always point to the same static IP address.

     

    If you have a suitable DNS server it can link the device on the network to that hostname and change the IP address to match any change in address issued to the device by the DHCP server. As I mentioned the DNS server Apple use can do this but Apple themselves do not provide a means to configure this.

     

    For your information, the second form of Dynamic DNS is where you have a single public Internet IP address which is also dynamic (issued by your ISP). It is possible to use an external service to link a hostname to that dynamic address, and then people on the Internet can use that unchanging hostname to access your computer even though your IP address is potentially changing. DynDNS.org is an example of this.

  • John Lockwood Level 5 (5,075 points)
    Nov 22, 2011 5:57 AM (in response to lluca40)

    I would agree it is disappointing Apple do not provide a built-in Dynamic DNS solution - I have actually suggested it to them in the past. However at this point they could still be considered to not yet be addressing the Enterprise market.

     

    For what it's worth, it is perfectly possible to use Macs and Mac servers with a non-Mac DNS server.

    Things are getting a bit silly; it is getting to a state where in anything other than the smallest, simplest setup you need to use non-Mac servers, and I say this as a dedicated Mac fan.

    While the likely amount of sales and revenue versus the costs of server products might make Apple think it is not worth it, they are wrong on every count. Firstly, I know how they could solve the hardware side at effectively no cost while still having control (i.e. not allowing other companies to run Mac OS X Server on their hardware). Secondly, the whole point of Mac servers was to provide a better solution for Macs; Windows servers, while they can be used for Mac clients, are not Mac friendly and have definitely non-Mac-friendly licensing terms.

  • gracoat Level 3 (645 points)
    Dec 7, 2011 10:52 AM (in response to lluca40)

    Perhaps I'm inexperienced with the whole Dynamically Updating DNS thing, but I just don't see the need for it other than ease of finding which computers are which on a network.

    ...and even that can be cryptic when a computer's name is e011034d2a...

    Top that off with an amazingly bloated DNS record set!


    Short answer to your question, Luca...  Here's what I did in my lab.  I set up a windows server with DNS.  I had it set up to allow recursion to my Mac DNS Server.

    The Mac Server was then set up to receive all records that the Windows server set up.

    This way will allow you to run OD on your Mac Server, and AD on your PC Server with the Golden Triangle.

    The DHCP Server was on the mac, and was set up so that the first DNS entry provided went to the PC Server. The second DNS Entry pointed to the Mac.

     

    I didn't like it, but it worked.  For some, two servers is one too many and for others, two isn't enough.

    -Graham

  • tArre Level 1 (85 points)
    Dec 16, 2011 7:50 AM (in response to gracoat)

    I had a similar issue.

    I tend to change it via the command line, but all my changes were overwritten when some Lovely Innocent Operator from Heaven used the Server Admin tool and saved any DNS change...

    So I did some research here:

    First I added these secondary servers to the "Nameservers" box inside the DNS zone (in both zones: direct and reverse).

    My problem was, when I enabled one "allow transfer" in one zone (for example, the direct DNS zone), ALL OTHER checkboxes got unchecked!!! (in this example, the reverse zone).

    So it seems to me like Server Admin is only populating the checkboxes changed in Server Admin, and it's not reading the configuration file to see if there was a previous definition with "allow-transfer" (as it does when Server Admin loads... weird).

    So as a workaround you can do:

    1) UNCHECK all "allow transfers" checkboxes in Server Admin
    2) SAVE (and quit if paranoia is hitting you so hard)
    3) CHECK all needed checkboxes (in my case, that was the direct and reverse zone) WITHOUT SAVING until you have checked all of them.
    4) SAVE!

    That's the way we had it done, hope that helps!

    And excuse my obfuscated explanation, it's not a good day for me, my mind is asking for beach time, hope you understand.
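
The checkbox that Server Admin silently clears is easy to miss until a secondary stops transferring or dhcpd's updates start being refused. One way to catch it is to read the saved /etc/named.conf back and list what every zone actually allows. The script below is an added example, not part of tArre's post and not an Apple tool; it is POSIX sh plus awk so it runs on the Lion Server itself or on any Linux BIND host, and it assumes one self-contained named.conf (no "include" directives) with the options block before the zones, which is how Server Admin writes the file. The sample configuration it tests against is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: list the allow-transfer / allow-update
# setting of every zone in a BIND named.conf, so a Server Admin save that
# silently cleared a checkbox shows up before a secondary or dhcpd notices.
# Assumes one self-contained named.conf (no "include"); views are handled.

audit_zone_acls() {
    # $1: path to named.conf. One output line per zone:
    #   <zone> transfer=[<acl or unset>] update=[<acl or unset>]
    # A zone without its own allow-transfer inherits the options{} default.
    awk '
    BEGIN { gxfer = "unset" }
    {
        line = $0
        sub(/\/\/.*/, "", line)          # drop // comments
        sub(/#.*/, "", line)             # drop # comments
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "{") {
                depth++
                if (match(buf, /zone[ \t]+"?[^" \t]+"?/)) {
                    # a zone statement opens: remember its name and depth
                    zone = substr(buf, RSTART, RLENGTH)
                    sub(/^zone[ \t]+"?/, "", zone); sub(/"$/, "", zone)
                    zdepth = depth; xfer = "unset"; upd = "unset"
                } else if (buf ~ /^[ \t]*options[ \t]*$/) {
                    opt = 1; odepth = depth
                } else if ((zone != "" || opt) && acl == "" && buf ~ /allow-(transfer|update)/) {
                    # an ACL block inside the current zone (or options) opens
                    acl = (buf ~ /allow-transfer/) ? "transfer" : "update"
                    adepth = depth; val = ""
                }
                buf = ""
            } else if (c == "}") {
                if (acl != "" && depth == adepth) {
                    if (zone == "") { if (acl == "transfer") gxfer = val }
                    else if (acl == "transfer") xfer = val
                    else upd = val
                    acl = ""
                } else if (zone != "" && depth == zdepth) {
                    if (xfer == "unset" && gxfer != "unset") xfer = gxfer " (global)"
                    printf "%s transfer=[%s] update=[%s]\n", zone, xfer, upd
                    zone = ""
                } else if (opt && depth == odepth) {
                    opt = 0
                }
                depth--
                buf = ""
            } else if (c == ";") {
                if (acl != "" && depth == adepth) {
                    gsub(/^[ \t]+/, "", buf); gsub(/[ \t]+$/, "", buf)
                    val = (val == "") ? buf : val " " buf
                }
                buf = ""
            } else {
                buf = buf c
            }
        }
        buf = buf " "                    # a newline is just whitespace
    }' "$1"
}

flag_zone_acls() {
    # Classify each zone: updates open to anyone are INSECURE (any host can
    # rewrite records), unrestricted or unset transfers are a WARN (zone
    # walking), everything else is OK.
    audit_zone_acls "$1" | awk '
        / update=\[(.* )?any( .*)?\]/                            { print "INSECURE " $0; next }
        / transfer=\[unset\]/ || / transfer=\[(.* )?any( .*)?\]/ { print "WARN " $0; next }
                                                                 { print "OK " $0 }'
}

write_sample_named_conf() {
    # Constructed sample for the demo (not a real server's file): a global
    # transfer default, one zone locked to a TSIG key, one zone left open the
    # way a careless re-save can leave it.
    cat > "$1" <<'EOF'
options { directory "/var/named"; allow-transfer { none; }; };
key DHCP-UPDATE-KEY { algorithm hmac-sha256; secret "REPLACE-WITH-REAL-SECRET"; };
view "com.apple.ServerAdmin.DNS.public" {
    zone "office.internal" IN {
        type master;
        file "db.office.internal";
        allow-transfer { none; };
        allow-update { key DHCP-UPDATE-KEY; };
    };
    zone "64.168.192.in-addr.arpa" IN {
        type master;
        file "db.64.168.192.in-addr.arpa";   // zone-level allow-transfer cleared by a re-save
        allow-update { any; };              // never ship this: any host can rewrite PTRs
    };
};
EOF
}

# Usage: sh named_acl_audit.sh /etc/named.conf
if [ $# -gt 0 ]; then
    flag_zone_acls "$1"
fi
```

Run it right after each Server Admin save; a zone that flips from OK to WARN is the symptom tArre describes, and an INSECURE line means an unauthenticated client can add or delete records in that zone.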

  • Robert Assum Level 1 (5 points)
    Mar 26, 2012 5:40 AM (in response to John Lockwood)

    Hello,

     

    first of all nice to see that I'm not the only human on this planet wondering about this topic.

     

    A longer while ago I already stopped reading Apple's official documents about server management. First of all, useful information is only available up to version 10.6.

    I'm also brand new in Apple's world, using it at home starting from OS version 10.7. I have one server and three clients and yes, I have separated my home network into VLANs. While I was still in the Windows world at home I never gave a thought to having VLANs in use, as it did not make any difference, but with Mac OS Server I run from one problem into the next one. The topics of the problems are many: finding printers, configuring Time Machine over VLANs, configuring RADIUS clients and so on. Bonjour should help to easily fix all the problems by working automatically. Nice for not so experienced users, but it's such a pity that Apple does not provide any advanced tools or guides to get things done without this bloody Bonjour.

    This company earns so much money, why are they not developing Enterprise-suitable server tools? I can't use things like Bonjour in a multi-site company if it even makes trouble at home.

    The ability for Windows clients to update their own DNS records, or for DHCP servers to do this on behalf of non-Windows clients, was just great. I can't even tell how often I open the Server Admin DHCP console just to look up an IP address.

    I won't use third party tools, as with the amount of money I spent on those devices I expect Apple to provide me the tools to be happy. If not, maybe only M$ is your friend then. Very sorry but true.

     

    Cheers

     

    Robert

  • gilcelli Level 1 (10 points)
    Jun 4, 2012 6:09 AM (in response to lluca40)

    Hi,

     

    Here's how I've set up DNS to be updated automatically when people connect their computers to your office's network, and also to have its own internal domain (like office.internal at the end of each connected computer's name; this allows you to connect via VPN from your home).

     

    At a glance:

    Set internal server name is macserver.office.internal

     

    DHCP is turned off in "Server Admin" and we use Macports isc-dhcp implementation

    DNS is turned on by OS X Lion Server normally

     

    Here's my quick install guide (tested on OS X Lion Server 10.7.4 and Xcode 4.3.2 with MacPorts 2.1.1).

     

    1. Change your Mac OS X Lion Server hostname to "macserver.office.internal" with Server app:

    Select Hardware then select "Host name": "Edit ..." > "Host name for private network"

              Set it to "macserver.office.internal"

    Check if everything is OK with the hostname:

     

     

    2. Install Macports

    MacPorts allows you to install command-line utilities and software via the port command (similar to apt-get on Linux). Check out its webpage: http://www.macports.org

    After you have installed Macports 2.1.1 or later for OS X Server, open Terminal.app and:

     

    3. Install isc-dhcp from Macports

    First update your port database to have the latest package definitions:

    sudo port selfupdate

    Now install dhcp

    sudo port install dhcp

     

    The configuration file of dhcp is located in /opt/local/etc/dhcp/dhcpd.conf

     

    3. Generate the DNS Key to allow DNS to update the connected hostnames

     

    dnssec-keygen is a tool to create dnssec keys, much like ssh-keygen creates ssh keys. Pick a name for your key, it can be any name. I usually name it appropriately. For this example, I will call our key dhcpupdate.

     

    sudo dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER dhcpupdate

     

     

    3. Edit  /opt/local/etc/dhcp/dhcpd.conf


     


  • gilcelli Level 1 (10 points)
    Jun 5, 2012 1:34 AM (in response to gilcelli)

    Hi,

     

    Here's how I've set up DNS to be updated automatically when people connect their computers to your office's network, and also to have its own internal domain (like office.internal at the end of each connected computer's name; this allows you to connect via VPN from your home).

     

    At a glance:

    - Set internal server name via OS X Lion Server "Server" app to "macserver.office.internal"

    - Set the internal IP address to 192.168.64.0/24, e.g macserver.office.internal IP address: 192.168.64.100
    - Set DHCP range from 192.168.64.190 to 192.168.64.250

    - DHCP is turned off in "Server Admin" and we use Macports isc-dhcp implementation

    - Edit the DNS settings and start DNS via OS X Lion Server normally

     

    Here's my quick install guide (tested on OS X Lion Server 10.7.4 and Xcode 4.3.2 with Macports 2.1.1)

     

    1. Change your Mac OS X Lion Server hostname to "macserver.office.internal" with Server app:

    Select Hardware then select "Host name": "Edit ..." > "Host name for private network"

              Set it to "macserver.office.internal"

    Check if everything is OK with the hostname:

     

     

    2. Install Macports

    MacPorts allows you to install command-line utilities and software via the port command (similar to apt-get on Linux). Check out its webpage: http://www.macports.org

    After you have installed Macports 2.1.1 or later for OS X Server, open Terminal.app and:

    Note that most of the files are installed in the /opt/local/ directory

     

    3. Install isc-dhcp from Macports

     

    First update your port database to have the latest package definitions:

    sudo port selfupdate

    Now install dhcp

    sudo port install dhcp

     

    The configuration file of dhcp is located in /opt/local/etc/dhcp/dhcpd.conf

    The dhcpd binary is installed in /opt/local/bin/

     

    4. Generate the DNS Key to allow DNS to update the connected hostnames

     

    dnssec-keygen is a tool to create dnssec keys, much like ssh-keygen creates ssh keys. Pick a name for your key, it can be any name. I usually name it appropriately. For this example, I will call our key dhcpupdate.

     

    sudo dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER dhcp-update

    The output should be written to /var/named/dhcp-update.key

    Don't forget to set permissions to "read-only" for root:
    sudo chmod ugo-w /var/named/dhcp-update.key

     

    For example my key looks like:

     

    sudo cat /var/named/dhcp-update.key
    key DHCP-UPDATE-KEY {
        algorithm hmac-md5;
        secret "a9hXeJ31ALVsW/19Rx9OXQ==";
    };

     

    5. Edit  /opt/local/etc/dhcp/dhcpd.conf

    A good tutorial on how to setup a dhcp server with automagically updating DNS is here

    http://lani78.wordpress.com/2008/08/12/dhcp-server-update-dns-records/

     

    So my /opt/local/etc/dhcp/dhcpd.conf looks like this:

     

    # You need the next line or you won't actually be a DHCP server!
    authoritative;

    # DDNS stuff - these are the bits that get your DHCP server talking with your DNS server
    ddns-update-style   interim;
    ddns-updates        on;
    ddns-ttl            600;

    # The server's own address. The original post used the hostname "macserver.local"
    # here; an IP avoids depending on name resolution while dhcpd parses its config.
    server-identifier   192.168.64.100;
    ddns-domainname     "office.internal.";
    ddns-rev-domainname "64.168.192.in-addr.arpa.";

    # This is the file with your shared key in it (the same file named reads).
    # Including it keeps the secret in one root-owned place; the original post
    # pasted the "key DHCP-UPDATE-KEY { ... };" statement inline here instead,
    # which leaves a second copy of the secret in dhcpd.conf.
    include "/var/named/dhcp-update.key";

    # This generates a client's DNS name from the hostname they give or the leased IP address
    # ddns-hostname = pick-first-value(ddns-hostname, option host-name, binary-to-ascii(10,8, "-", leased-address));

    # Normal DHCP stuff
    option domain-name          "office.internal";
    option domain-name-servers  192.168.64.100;
    option ip-forwarding        off;

    #default-lease-time   600;
    #max-lease-time       7200;

    # New lease-time
    default-lease-time 86400;
    max-lease-time     86400;

    # My Network - this is the set of addresses that you're handing out
    subnet 192.168.64.0 netmask 255.255.255.0 {
        range 192.168.64.190 192.168.64.250;
        option broadcast-address 192.168.64.255;
        option subnet-mask 255.255.255.0;
        option routers 192.168.64.1;
        allow unknown-clients;
        # Lets a client choose its own forward (A) name via the FQDN option.
        # If the server should decide the names instead, use "ignore client-updates;".
        allow client-updates;

        zone office.internal. {
            primary 192.168.64.100;
            key DHCP-UPDATE-KEY;
        }

        zone 64.168.192.in-addr.arpa. {
            primary 192.168.64.100;
            # this key name matches the name you gave it in the key file
            key DHCP-UPDATE-KEY;
        }
    }

     

    6. Setup DNS Service (but don't start it yet)

    - Startup DNS normally via "Server Admin" and add the primary zone: here "office.internal" and
    - add the nameserver hostname:

    macserver.office.internal

     

    The reverse DNS will automatically be added by "Server Admin".

    Save it but don't start it yet since we need to configure /etc/named.conf

     

    7. Edit /etc/named.conf

    To allow DNS to update its hostnames, edit /etc/named.conf:
    - add the dnssec key at the top of the file, like here
    - add the line allow-update { key DHCP-UPDATE-KEY; };

     

    sudo cat /etc/named.conf

    # TSIG key shared with dhcpd. Whoever can read this secret can rewrite every
    # record in the zones below, so keep the file root-only (and rotate a secret
    # once it has been pasted into a public forum post).
    key DHCP-UPDATE-KEY {
        algorithm hmac-md5;
        secret "a9hXeJ31ALVsW/19Rx9OXQ==";
    };
    options {
        directory "/var/named";
        # no zone transfers unless a zone says otherwise
        allow-transfer {
            none;
        };
    };
    acl "com.apple.ServerAdmin.DNS.public" {
        localhost;
        localnets;
    };
    logging {
        channel _default_log {
            file "/Library/Logs/named.log";
            severity info;
            print-time yes;
        };
        category "default" {
            "_default_log";
        };
    };
    view "com.apple.ServerAdmin.DNS.public" {
        zone "office.internal" IN {
            type master;
            file "db.office.internal";
            allow-transfer {
                none;
            };
            # only updates signed with the TSIG key are accepted; never use { any; } here
            allow-update { key DHCP-UPDATE-KEY; };
        };
        zone "64.168.192.in-addr.arpa" IN {
            type master;
            file "db.64.168.192.in-addr.arpa";
            allow-transfer {
                none;
            };
            allow-update { key DHCP-UPDATE-KEY; };
        };
        allow-recursion {
            com.apple.ServerAdmin.DNS.public;
        };
    };

     

    8. Reboot and start the DNS service from the "Server Admin" app:
    Reboot OS X Lion Server and check that dhcpd from MacPorts is running (via /opt/local/bin/daemondo).
    Start the DNS service with "Server Admin" and normally it should work ;-)

     

    Log files to watch:

    DHCP /opt/local/var/db/dhcpd/dhcpd.leases

     

    See if you get a journal file for DNS (.jnl) in /var/named/

     

    Hope this helps (someone)...

     

    This is the complete edit (my previous post was not saved since the Discussions site switched to maintenance mode... grrr...)
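
The whole setup above hinges on one shared TSIG secret that lives in two places (named.conf and dhcpd.conf) and is a full write credential for both zones: a mismatch means every update is refused, and a readable copy means anyone on the box can rewrite the zone. The script below is an added example, not from gilcelli's post. It writes a fresh key straight out as a BIND "key" statement with mode 0600 (the post's "chmod ugo-w" only strips write bits and leaves the secret world-readable, and dnssec-keygen leaves a K*.key/K*.private pair behind), uses hmac-sha256 instead of the post's hmac-md5 (an assumption that named and dhcpd are recent enough, BIND 9.5+ and ISC dhcpd 4.1+), and checks that the key name, algorithm and secret agree between the two configuration files. The key name DHCP-UPDATE-KEY and the paths come from the post; nothing here contacts a server.

```shell
#!/bin/sh
# Added example, not from gilcelli's post: create the shared TSIG key directly
# as a BIND "key" statement and check that named.conf and dhcpd.conf carry the
# same key name, algorithm and secret. Key name and paths follow the post;
# hmac-sha256 assumes BIND 9.5+ and ISC dhcpd 4.1+. Nothing here talks to a
# server.

gen_tsig_key() {
    # $1 key name, $2 algorithm, $3 output path.
    # 32 random bytes, base64-encoded: a full-strength secret for hmac-sha256.
    tsig_secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    # Subshell so the umask does not leak; the file is created 0600, readable
    # only by its owner (chown it to the user named runs as if that is not root).
    ( umask 077
      printf 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n};\n' \
          "$1" "$2" "$tsig_secret" > "$3" )
}

tsig_field() {
    # $1 key name, $2 "secret" or "algorithm", $3 config file.
    # Prints the value, or nothing if no such key block exists. Handles the
    # multi-line form named.conf uses and the one-line form dhcpd.conf may use.
    awk -v name="$1" -v field="$2" '
        { all = all $0 "\n" }
        END {
            if (!match(all, "key[ \t]+" name "[ \t]*[{][^}]*[}]")) exit
            blk = substr(all, RSTART, RLENGTH)
            if (field == "secret" && match(blk, /secret[ \t]+"[^"]*"/)) {
                v = substr(blk, RSTART, RLENGTH)
                sub(/^secret[ \t]+"/, "", v); sub(/"$/, "", v); print v
            } else if (field == "algorithm" && match(blk, /algorithm[ \t]+[^ \t;]+/)) {
                v = substr(blk, RSTART, RLENGTH)
                sub(/^algorithm[ \t]+/, "", v); print v
            }
        }' "$3"
}

check_tsig_consistent() {
    # $1 key name, $2 named.conf (or its key file), $3 dhcpd.conf (or its key file).
    # Returns 0 only if both sides define the key identically.
    n_alg=$(tsig_field "$1" algorithm "$2"); d_alg=$(tsig_field "$1" algorithm "$3")
    n_sec=$(tsig_field "$1" secret "$2");    d_sec=$(tsig_field "$1" secret "$3")
    rc=0
    if [ -z "$n_sec" ] || [ -z "$d_sec" ]; then
        echo "key $1 is missing on one side"; rc=1
    elif [ "$n_sec" != "$d_sec" ]; then
        echo "secret mismatch for $1: named will refuse every update (BADKEY/BADSIG)"; rc=1
    fi
    if [ "$n_alg" != "$d_alg" ]; then
        echo "algorithm mismatch for $1 ($n_alg vs $d_alg)"; rc=1
    fi
    case "$n_alg" in
        hmac-md5) echo "warning: $1 uses hmac-md5; regenerate it with hmac-sha256" ;;
    esac
    [ "$rc" -eq 0 ] && echo "key $1 consistent ($n_alg)"
    return "$rc"
}

# Usage: sh tsig_check.sh /var/named/dhcp-update.key /opt/local/etc/dhcp/dhcpd.conf
if [ $# -eq 2 ]; then
    check_tsig_consistent DHCP-UPDATE-KEY "$1" "$2"
fi
```

Run the check after every edit of either file (if dhcpd.conf includes the key file instead of repeating the statement, pass the same path twice). Then prove the key end to end: nsupdate -k /var/named/dhcp-update.key, add a throwaway A record under office.internal, send, confirm it with dig, and delete it again; a .jnl file appearing beside the zone file in /var/named is the sign that named accepted the signed update.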

  • Robert Assum Level 1 (5 points)
    Jun 27, 2012 11:46 AM (in response to gilcelli)

    Hello gilcelli,

     

    thank you first of all for your very long and good explanation of how to get this whole thing working. I see that this is not something you can do quickly with Apple's standard tools, but it is also not too complicated. Because of lack of time I have to skip this for now until a later time, but for sure I will try this one day (in a test environment). It's just a pity that Apple does not support this natively. They have the Server Admin tool for those services and all the configuration pages in there are almost empty. It's quite confusing when you come from the Windows world and just expect those things to be present.

     

    Thanks again for this great article once more!

     

    Cheers

     

    Robert
